Title: [197405] trunk/Source/WebCore
- Revision
- 197405
- Author
- beid...@apple.com
- Date
- 2016-03-01 11:41:46 -0800 (Tue, 01 Mar 2016)
Log Message
Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
https://bugs.webkit.org/show_bug.cgi?id=154860
Reviewed by Alex Christensen.
Covered by existing tests.
* Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):
* Modules/indexeddb/shared/IDBDatabaseInfo.h:
* Modules/indexeddb/shared/IDBTransactionInfo.cpp:
(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
copy needs to be isolated.
Modified: trunk/Source/WebCore/ChangeLog (197404 => 197405)
--- trunk/Source/WebCore/ChangeLog 2016-03-01 18:49:42 UTC (rev 197404)
+++ trunk/Source/WebCore/ChangeLog 2016-03-01 19:41:46 UTC (rev 197405)
@@ -1,3 +1,21 @@
+2016-03-01 Brady Eidson <beid...@apple.com>
+
+ Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
+ https://bugs.webkit.org/show_bug.cgi?id=154860
+
+ Reviewed by Alex Christensen.
+
+ Covered by existing tests.
+
+ * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
+ (WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
+ (WebCore::IDBDatabaseInfo::isolatedCopy):
+ * Modules/indexeddb/shared/IDBDatabaseInfo.h:
+
+ * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
+ (WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
+ copy needs to be isolated.
+
2016-03-01 Tim Horton <timothy_hor...@apple.com>
Expose MediaElement and VideoElement to the Objective-C DOM bindings
Modified: trunk/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp (197404 => 197405)
--- trunk/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp 2016-03-01 18:49:42 UTC (rev 197404)
+++ trunk/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp 2016-03-01 19:41:46 UTC (rev 197405)
@@ -40,18 +40,18 @@
{
}
+IDBDatabaseInfo::IDBDatabaseInfo(const IDBDatabaseInfo& other, IsolatedCopyTag)
+ : m_name(other.m_name.isolatedCopy())
+ , m_version(other.m_version)
+ , m_maxObjectStoreID(other.m_maxObjectStoreID)
+{
+ for (auto entry : other.m_objectStoreMap)
+ m_objectStoreMap.set(entry.key, entry.value.isolatedCopy());
+}
+
IDBDatabaseInfo IDBDatabaseInfo::isolatedCopy() const
{
- IDBDatabaseInfo info;
-
- info.m_name = m_name.isolatedCopy();
- info.m_version = m_version;
- info.m_maxObjectStoreID = m_maxObjectStoreID;
-
- for (auto entry : m_objectStoreMap)
- info.m_objectStoreMap.set(entry.key, entry.value.isolatedCopy());
-
- return info;
+ return { *this, IDBDatabaseInfo::IsolatedCopy };
}
bool IDBDatabaseInfo::hasObjectStore(const String& name) const
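Review bot: In the new constructor, the loop `for (auto entry : other.m_objectStoreMap)` copies each map entry by value before calling `isolatedCopy()` on it, so every iteration first makes a temporary, non-isolated copy of the object store info. That temporary is created and destroyed on the calling thread, so it is probably harmless, but it presumably adds reference-count traffic on the very string data this commit is trying to keep unshared. `for (const auto& entry : other.m_objectStoreMap)` avoids the copy and makes the isolation intent clearer. The same loop was in the removed body of `isolatedCopy()`, so this is carried over rather than newly introduced.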
Modified: trunk/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h (197404 => 197405)
--- trunk/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h 2016-03-01 18:49:42 UTC (rev 197404)
+++ trunk/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h 2016-03-01 19:41:46 UTC (rev 197405)
@@ -39,6 +39,9 @@
public:
IDBDatabaseInfo(const String& name, uint64_t version);
+ enum IsolatedCopyTag { IsolatedCopy };
+ IDBDatabaseInfo(const IDBDatabaseInfo&, IsolatedCopyTag);
+
IDBDatabaseInfo isolatedCopy() const;
const String& name() const { return m_name; }
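Review bot: The tagged constructor `IDBDatabaseInfo(const IDBDatabaseInfo&, IsolatedCopyTag)` has no comment saying when it must be used instead of the implicit copy constructor, which stays available to callers. The IDBTransactionInfo.cpp hunk in this same commit fixes a call site that used the plain copy where an isolated one was needed, so the distinction is easy to miss. I would add above the declaration `// Deep-copies every string member; use this instead of the copy constructor when the copy will be handed to another thread.` The class body continues outside the hunk, so whether other plain-copy paths remain cannot be checked from here.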
Modified: trunk/Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp (197404 => 197405)
--- trunk/Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp 2016-03-01 18:49:42 UTC (rev 197404)
+++ trunk/Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp 2016-03-01 19:41:46 UTC (rev 197405)
@@ -81,7 +81,7 @@
result.m_objectStores.uncheckedAppend(objectStore.isolatedCopy());
if (m_originalDatabaseInfo)
- result.m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo);
+ result.m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo, IDBDatabaseInfo::IsolatedCopy);
return result;
}